Rauner signs bill to protect Illinois from cyberthreats

Chronicle Media — August 11, 2017

Gov. Bruce Rauner on Aug. 7 signed House Bill 2371, requiring all executive branch State of Illinois employees responsible to the governor, not including public university employees, to undergo annual cybersecurity training to understand the risks, threats and best practices to defend against cyber threats.

“Hackers and cyber criminals continually grow more sophisticated in their attempts to steal sensitive data and infect state computer systems. It is crucial that state employees have knowledge to protect themselves and the state from the impact of cyber-attacks,” the governor’s office said.

This legislation is intended to better protect the personal information of state residents and ensure critical state services are not interrupted.

“Employees are our first line of defense,” Rauner said. “Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois’ services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state.”

The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy.

Key objectives include protecting State of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.

“The State of Illinois’ digital transformation is placing Illinois in a leadership role across the nation in areas such as the use of mobile technologies, capturing the value of data and becoming the first state to establish itself as a Smart State. Along with our impressive technological progress comes a responsibility to simultaneously increase our cybersecurity efforts to defend our state from cyber-attacks,” Hardik Bhatt, DoIT secretary designate and chief digital officer, said.

Doug Robinson, executive director of the National Association of State Chief Information Officers, said he supports the efforts of states to increase cybersecurity.

“State employees are on the firing-line of protecting digital assets of the state. NASCIO has repeatedly advocated that states make cybersecurity training and awareness for employees a priority. By mandating cybersecurity training, the leadership in the State of Illinois is making a serious statement about their commitment to reducing risks,” he said.

With this legislation, Illinois becomes the 15th state to adopt mandatory cybersecurity awareness training for state employees. States are increasingly the targets of attacks, and security threats pose a daily risk to the state’s ability to serve taxpayers and protect critical and confidential information.

According to a study by the Ponemon Institute and IBM Security, the average total cost of a data breach amongst the 419 companies they surveyed was $3.62 million.

Cybersecurity awareness training and reinforcement programs cost less than $5 per person and offer a cost avoidance of around $184 per user. Additionally, these training programs are believed to significantly reduce the risk of cyberattacks, offering a significant preventative cost savings to the taxpayers of Illinois.